What's New in the NetSec Platform
Prisma AIRS AI Runtime Security
You can now secure AI workloads in private clouds, discover and protect serverless
functions in Azure and AWS, and apply granular traffic inspection at the Kubernetes
namespace level.
Granular Kubernetes Security with Traffic Steering Inspection
Protect your containerized applications with precision through
namespace-level traffic steering, a capability that refines security controls beyond
all-or-nothing traffic inspection. You can now selectively choose which traffic
flows to inspect or bypass based on CIDR ranges within individual Kubernetes
namespaces. This addresses previous limitations, enabling a more optimized security
posture where critical traffic is thoroughly examined, while known benign traffic
can bypass inspection, improving performance and resource utilization without
compromising security for your Kubernetes workloads.
For implementation details, refer to the deployment workflow specific to your cloud
environment.
Serverless Function Discovery for Azure and AWS
Discover and protect your serverless workloads by defining
application boundaries specifically for them during cloud account onboarding in
Azure and AWS environments. You can now view these discovered serverless resources
on your application dashboard alongside your existing virtual machine and container
workloads, enabling unified visibility across all your cloud compute types. You can
then deploy firewall protection to these serverless functions through the same
streamlined, Terraform-based workflow you use for other cloud assets. This
enhancement ensures comprehensive security coverage for your evolving cloud-native
architectures, providing consistent management and deployment for all your diverse
cloud applications.
For details on onboarding and deploying protection for serverless functions, refer to
the cloud account onboarding documentation.
Refine Cloud Application Discovery for Enhanced Security
Gain granular control over cloud asset discovery
and application organization beyond traditional Virtual Private Cloud (VPC)
boundaries using tags, subnets, and namespaces.
This feature provides enhanced
application definition options during the cloud account onboarding process. It enables
you to define precise application boundaries, moving beyond the limitations of Virtual
Private Cloud (VPC)-based definitions. By leveraging cloud-native constructs such as
tags, subnets, and namespaces, you can now accurately organize and map your applications
across various compute resources, including container workloads, virtual machines, and
serverless functions. This approach aligns with modern, dynamic cloud application
architectures.
Enhance AI Security with India Region Support
You can now deploy API detection services in the India
region, ensuring compliance with local data residency regulations and improving
performance.
When you create a deployment profile for the API
intercept and associate it with a TSG, you can select your preferred region: United
States, Europe (Germany), or India. This choice determines the underlying region that is
used for processing and storing your data, ensuring it remains within the selected
region. A separate, region-specific API endpoint is provided for India. This deployment
includes all Prisma AIRS AI Runtime: API intercept services and
routes detection requests to the nearest APAC-based region for each respective service,
reducing latency and data transfer costs.
Secure Custom AI Models on Private Endpoints
You can now extend AI security inspection to Large Language Models (LLMs) hosted on
privately managed endpoints. This feature allows you to secure traffic to custom AI
models, even when their endpoints or input/output schemas are not publicly known. By
enabling this support within your AI security
profile, all traffic that matches a security policy rule will be
forwarded to the AI cloud service for threat inspection, regardless of whether the
model is a well-known public service or a custom-built private one. This ensures
comprehensive security for your entire AI ecosystem.
AWS Overlay Routing Support for EKS Traffic
The overlay routing feature eliminates traffic hairpinning by enabling direct egress
from Prisma AIRS AI Runtime: Network intercept to next-hop
destinations, like the Internet Gateway (IGW) and NAT Gateways. This prevents double
inspection of traffic, reducing latency, bandwidth utilization, and resource
consumption.
Prisma AIRS can now function as a NAT
gateway, consolidating security inspection and network address translation into a
single component while maintaining comprehensive security for containerized
workloads.
Unified AI Security Logging in Strata Cloud Manager
API scan events, including blocked threats, now integrate with
the Strata Logging Service, providing a unified log viewer interface for both
API-based and network-based AI security events. The Log Viewer now includes a
new log type, Prisma AIRS AI Runtime Security API, which displays the scan
API logs. This integration allows Security Operations Center (SOC) teams to be
alerted to critical threats.
The integration also enables a powerful query builder to search and analyze scan data
and supports out-of-the-box queries for analyzing threats. Log forwarding is now
supported for Prisma AIRS AI Runtime: API intercept. This ensures comprehensive
visibility and streamlines security operations across multiple supported regions.
For more details on the new log types and schemas, refer to
the Monitor: Threat Logs and AI Security Logs
section.